Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw

Vulnerability
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

A ChatGPT vulnerability let a single malicious prompt covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a DNS side channel. The flaw also carried remote code execution risk, widening the impact beyond data theft. OpenAI deployed a security update on February 20 after the issue was reported. The weakness mattered because it could move sensitive user and corporate data out of ChatGPT’s isolated execution environment.

Related Happenings

OpenAI hit by cyberattack

Incident
First: 14.05.2026 22:07 Last: 14.05.2026 22:07 Sources 1

About this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...

Open Happening

OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation

Security Tool/Service
First: 12.05.2026 09:55 Last: 12.05.2026 09:55 Sources 1

About this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...

Open Happening

Cursor local SQLite secret-storage exposing credentials security flaw

Vulnerability
First: 29.04.2026 18:00 Last: 29.04.2026 18:00 Sources 1

About this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...

Open Happening

OpenAI Safety Bug Bounty launch

Commercial Activity
First: 26.03.2026 14:20 Last: 26.03.2026 14:20 Sources 1

About this happening: **OpenAI** launched the **Safety Bug Bounty** on **Bugcrowd**, expanding researcher coverage for **AI abuse** and **safety risks** across its products. The new program complements...

Open Happening

ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw

Vulnerability
First: 08.01.2026 18:45 Last: 08.01.2026 18:45 Sources 1

About this happening: **ZombieAgent** is a newly identified **prompt-injection vulnerability** in **ChatGPT** that could leak sensitive data from connected services such as **Gmail, Outlook, Google Dri...

Open Happening

Timeline

  1. 31.03.2026 16:01 1 articles · 1mo ago

    OpenAI deploys ChatGPT security update

    Mitigation Patch Update

    OpenAI deployed a security update for ChatGPT on February 20 after researchers reported a flaw that let a single malicious prompt abuse a hidden outbound communication path and DNS side channel from ChatGPT’s isolated execution runtime, reducing the risk of prompt and message exposure.

    Show sources
    Open in new tab
  2. 30.03.2026 03:00 2 articles · 1mo ago

    Check Point discloses ChatGPT single-prompt exfiltration flaw

    Initial Disclosure

    Check Point disclosed a ChatGPT vulnerability in which a single malicious prompt could activate a hidden exfiltration channel inside a regular ChatGPT conversation, sending prompts, messages, uploaded files, and other sensitive content to an attacker-controlled server through a DNS side channel, with remote code execution risk also present.

    Show sources
    Open in new tab